The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Most computer systems nowadays are secured by requiring authentication of their users before allowing the users to access information or services provided by the systems. Many computer systems also provide enhanced security by actively monitoring the activities of their users, and by limiting or restricting the services or information provided to the users based on their identity. For example, a user of a computer system may initially be granted access to the system by creating a username associated with the user, and by allowing the user to set up a secret password.
The system administrator creating the username also associates a set of privileges with the username. A privilege is a grant to the user to perform a particular operation in the system. For example, in a database system, the set of privileges associated with the user may include the privileges to perform operations related to selecting, updating, and/or deleting information from a database managed by the database system.
In some systems, the system administrator creating the username may also associate a set of permissions with the username. A permission is a grant to the user to access a particular object in the system or a particular service provided by the system. Using a database system as an example, a set of permissions associated with a user may include permissions granted to the user to access the information stored in a particular database, in a particular table in the database, or in a particular column or columns in a table. In every computer system, privileges and permissions granted to a user may be denied or revoked by an authorized user of the system, usually a system administrator.
Some computer systems are further secured by providing one or more roles that a user of the system may perform. In these systems, a set of predefined privileges and/or a set of predefined permissions are associated with each role, and once a username representing a user in the system is associated with a role, the user is automatically allowed to perform the operations associated with the set of predefined privileges and to access the objects associated with the set of predefined permissions. For example, a user in a database system may perform the role of a system administrator, a role that is granted the privilege to perform all operations in the database system and the permission to access all objects in all databases managed by the database system; or the user in the database system may perform the role of a database owner, a role that is granted the privilege to perform all operations in a particular database and the permission to access all objects in that database.
In some computer systems, in order to simplify the maintenance of security, users may be grouped into user groups. In these systems, privileges and/or permissions may be granted to and denied for the user groups instead of the individual users. In other computer systems, in order to make administration of security more efficient, a set of security policies may be defined. A security policy is a predefined set of privileges and/or permissions that is associated with a predefined user, user group, user role, or one or more objects in the system.
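The privilege, permission, role and user-group scheme described in the preceding paragraphs, worked through as a small model. This is an illustration added here, not code from the patent; the class and function names (Role, Group, User, AccessControl, is_authorized), the dotted "database.table.column" object naming and the sample users are assumptions. The check requires both a privilege for the operation and a permission on the object, collects grants through roles and through the roles of the user's groups, and lets an explicit denial override any grant.

```python
"""Toy model of the privilege / permission / role / user-group scheme the
section describes. Added by the editor as an illustration; it is not code
from the patent, and the class and function names (Role, Group, User,
AccessControl, is_authorized) are assumptions, not identifiers from the text."""
from dataclasses import dataclass, field


@dataclass
class Role:
    """A predefined set of privileges (operations) and permissions (objects)."""
    name: str
    privileges: set = field(default_factory=set)   # e.g. {"select", "update"}
    permissions: set = field(default_factory=set)  # e.g. {"sales.orders"}


@dataclass
class Group:
    """Users are grouped so that grants and revocations apply to all members."""
    name: str
    roles: set = field(default_factory=set)


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    groups: set = field(default_factory=set)
    # explicit denials, applied after every grant has been collected
    denied_privileges: set = field(default_factory=set)
    denied_permissions: set = field(default_factory=set)


def covers(granted: set, obj: str) -> bool:
    """Object names are hierarchical ("db.table.column", an assumed naming);
    a permission on a prefix covers everything beneath it, "*" covers all."""
    return "*" in granted or any(obj == g or obj.startswith(g + ".") for g in granted)


class AccessControl:
    def __init__(self):
        self.roles: dict = {}
        self.groups: dict = {}
        self.users: dict = {}

    def define_role(self, name, privileges=(), permissions=()):
        self.roles[name] = Role(name, set(privileges), set(permissions))

    def define_group(self, name, roles=()):
        self.groups[name] = Group(name, set(roles))

    def add_user(self, name, roles=(), groups=()):
        self.users[name] = User(name, set(roles), set(groups))

    def revoke_role(self, username, role):
        """Revocation: drop the role; the user loses every right it carried."""
        self.users[username].roles.discard(role)

    def deny(self, username, privilege=None, permission=None):
        """Denial: recorded on the user and checked before any grant."""
        user = self.users[username]
        if privilege:
            user.denied_privileges.add(privilege)
        if permission:
            user.denied_permissions.add(permission)

    def effective_rights(self, username):
        """Union of everything granted through the user's own roles and
        through the roles of the user's groups."""
        user = self.users[username]
        role_names = set(user.roles)
        for g in user.groups:
            role_names |= self.groups[g].roles
        privs, perms = set(), set()
        for r in role_names:
            privs |= self.roles[r].privileges
            perms |= self.roles[r].permissions
        return privs, perms

    def is_authorized(self, username, operation, obj):
        """Both checks must pass: the privilege to perform the operation and
        the permission to touch the object, with denials overriding grants."""
        user = self.users[username]
        if operation in user.denied_privileges or covers(user.denied_permissions, obj):
            return False
        privs, perms = self.effective_rights(username)
        has_priv = "*" in privs or operation in privs
        return has_priv and covers(perms, obj)


def build_example():
    """Constructed sample: a system-administrator role, a database-owner role
    for one database, and a column-level analyst role reached via a group."""
    ac = AccessControl()
    ac.define_role("sysadmin", privileges={"*"}, permissions={"*"})
    ac.define_role("sales_owner", privileges={"select", "update", "delete"},
                   permissions={"sales"})
    ac.define_role("analyst", privileges={"select"},
                   permissions={"sales.orders.total", "sales.orders.date"})
    ac.define_group("finance", roles={"analyst"})
    ac.add_user("alice", roles={"sysadmin"})
    ac.add_user("bob", roles={"sales_owner"})
    ac.add_user("carol", groups={"finance"})
    return ac


if __name__ == "__main__":
    ac = build_example()
    print(ac.is_authorized("carol", "select", "sales.orders.total"))  # True
    ac.deny("carol", permission="sales.orders.date")
    print(ac.is_authorized("carol", "select", "sales.orders.date"))   # False
```

Note that a permission on a column does not imply a permission on its table: in this model `carol` can select `sales.orders.total` but not `sales.orders` as a whole, which is the column-level granularity the text mentions.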
In addition to security mechanisms, many software systems have audit mechanisms. In general, audit mechanisms capture information about the activities of a system's users. What particular activities are to be audited is usually determined by a set of audit rules, where an audit record is generated when a condition associated with an audit rule is satisfied. For example, when a user connects to a system and creates a session to utilize the services of the system, the system may record in various logs audit information about the user and audit information pertaining to the session the user created. Further, the system may be configured to record, during the lifetime of the session, any audit information about the actions and operations performed by the user.
Usually, computer systems are configured to collect such audit information in order to give system administrators the ability to fine-tune system resources, to correct improper system setup, and to plan for future upgrades. System administrators usually perform these tasks by searching through audit records that may be spread across many audit logs and even many computer hosts.
Often, in a computer system there is little interaction between the security mechanism and the audit mechanism. For example, based on information in the audit records, an administrator may decide to change security settings. However, such security-setting adjustments typically take place long after the activity that generated the audit records has ceased. Of course, if the system administrator determines that user activity reflected in the audit records is improper, and if the user is still logged on to the system, then the administrator may terminate the user's session. However, given the time-consuming analysis that such a decision requires, and the massive amount of concurrent activity in some software systems, the likelihood that an administrator can stop a security threat "in the act" is extremely low.
Based on the foregoing, there is clearly a need for techniques for proactively enforcing security rules in computer systems that overcome the shortcomings of the approach described above. Also needed are techniques for combining and integrating audit rules and security rules to close existing security loopholes that may be exploited by users that engage in unauthorized activities.